1 Answer
1

Instead of explicitly trusting the intermediate certificates, you should have your web server send the full certificate chain so that a client's trust of the root (not the intermediate) will allow them to validate.

Importing the intermediate manually may fix it on your system, but other people using that OS or others that don't have the intermediate (often phones are problematic) will still have problems.